Beware of “Smishing” Attacks on Android and iPhone Users

Constructure Technologies - Smishing Attacks - CyberSecurity

Hackers are ramping up their efforts to steal personal and financial data through smishing—a growing cyber threat that targets smartphone users. A recent nationwide warning was issued about a surge in smishing attacks affecting both iPhone and Android users.

With over 10,000 fraudulent domains registered to support these scams, phone users are tricked into revealing sensitive data through fake text messages that appear to come from legitimate sources. Here’s what you need to know and how you can protect yourself.

What Is Smishing?

Smishing is a type of phishing attack carried out through text messages (SMS). Hackers send fraudulent texts designed to look like they are from banks, delivery services, toll agencies, or another official institution.

These messages often:

  • Claim you owe unpaid toll fees or have a pending package delivery.
  • Include links directing you to a fake website that looks real.
  • Urge you to enter personal data like credit card numbers, passwords, or banking details.
  • Use scare tactics, such as warnings about account suspension or fraud alerts.

Once you enter your details, hackers gain access to your sensitive data, putting you at risk of stolen identity and financial fraud.

How Smishing Scams Work

According to cybersecurity firm Palo Alto Networks’ Unit 42, scammers have expanded their attacks beyond toll payment scams to fake delivery service alerts and fraudulent financial messages.

These messages contain links that bypass security features on iPhones and Android devices by instructing users to copy and paste URLs into their browsers instead of clicking them directly. 

Many of these fraudulent websites are hosted on Chinese domains, including:

  • dhl.com-new[.]xin
  • fedex.com-fedexl[.]xin
  • e-zpassny.com-ticketd[.]xin
  • thetollroads.com-fastrakeu[.]xin

Since January, there has been a fourfold increase in smishing attacks, with cities like Dallas, Atlanta, Los Angeles, Chicago, and Orlando being heavily targeted.

What to Do If You Receive a Smishing Text

1. Do Not Click on Links

Avoid clicking on any link in an unexpected text message. If you believe the message could be legitimate, visit the company’s official website directly through your browser instead.

2. Verify the Sender

If a message claims to be from a toll service, delivery company, or bank, contact them using official contact resources. Never call the number or visit the website provided in a suspicious text.

3. Report and Delete the Message

  • iPhone users: Use the “Report Junk” feature in iMessage.
  • All users: Forward scam texts to 7726 (SPAM) to report them.
  • File a complaint with the IC3.

4. Monitor Your Accounts

If you accidentally provided personal or financial data, take immediate action:

  • Change your passwords for any compromised accounts.
  • Monitor your bank statements for unauthorized activity.
  • Enable two-factor authentication (2FA) for extra security.

5. Use Security Tools

Consider using anti-malware and cybersecurity tools on your phone to detect and block malicious links before they reach you.

Protect Your Business with Constructure Technologies

Businesses are also at risk of smishing attacks, as hackers often target staff to steal sensitive company data. Constructure Technologies provides comprehensive cybersecurity solutions to safeguard your network and prevent cyber threats, including:

  • 24/7 security monitoring to detect and prevent attacks.
  • Penetration testing to identify vulnerabilities before hackers exploit them.
  • Network security assessments to ensure your systems are secure.
  • Incident response services to mitigate and recover from breaches.

Hackers don’t just target big corporations—every business storing customer or financial data is at risk. Let Constructure Technologies protect your company.

Call us at 631.396.7777 or email us at info@constructuretech.com.